defdeveu courses
Search…
README
secdev courses
Java
JavaScript
Android
iOS
.NET
C/C++
Webapps in general
Testing courses
Mobile testing automation
Security test automation in CI/CD pipelines
Burp for developers
DevSecOps courses
Docker security
AWS security
Control courses
Security champions boot
Assisted code-review lab
Practical personal cybersec for security auditors
S-SDLC playbook
Library
Mobile security baseline
Hacking applications
Language specific
Delivery
Main features
Agenda structure
Days and kits
Trainer formations
Course materials
Trainers
Glenn ten Cate
Zsombor Kovács
Davide Cioccia
Péter Nyilasy
Marek Zachara
Riccardo ten Cate
Timur Khrotko
Powered By GitBook
C/C++

About the course

Properties

title: Secure development in C/C++
audience: senior/medior developers, lead devs, testers and security champions
duration: 1 or 2 days (7 or 12 hrs education time), depending on the actual kit of topics applicable/required (see Agenda below)
developed by: Marek Zachara

Prerequisites

We assume that the developers attending the secdev course:
    are familiar with the C/C++ language, can compile and execute the programs
    specific focus of the course (see below) may result in additional prerequisites

Agenda

Due to the variety of applications, ranging from embedded to large scale deployments, real-time and critical systems that are built in C/C++, we recommend to tailor the training for the specific needs of the particular development team.
The list of modules below illustrate the scope to choose from, however the exact scope and detail level is pre-arranged to suit the specific needs of the attendees.

A. Principles and practice of secdev

    Defense in depth principles
    Standards and practices
    Various types of weaknesses and vulnerabilities

B. Secure architecture

    Threat modeling
    Risk assessment
    Security by design
    Checkpoints

C. Buffer overflows

    Stack overflows
    Heap overflows
    String formatting issues
    Array and string indexing

D. Value overflows

    Integer overflows
    Float limitations
    Type casts

E. Safe data handling

    Secure memory handling
    Safe pointers
    Removal of sensitive data

F. Input validation

    Common errors
    Injections
    Unsafe type casts and conversions
    Regular expressions
    Validation practices

G. Introduction to cryptography

    Symmetric and asymmetric encryption
    Communication encryption
    Storage encryption
    Password handling

H. Multithreading

    Deadlocks, starvation, etc.
    Race conditions
    Accessing external resources

I. Analysis of the source code

    Automated analysis with existing tools
    Code review
    OWASP ASVS

J. Integrations with external programs

    Safe and unsafe APIs
    Secure libraries
    Module isolation, wrappers, etc.

Trainers

Lead trainers:
Co-trainers:
secdev courses - Previous
.NET
Next - secdev courses
Webapps in general
Last modified 1yr ago
Copy link
Contents
About the course
Properties
Prerequisites
Related courses
Agenda
Trainers